For example, in a system storing business
statistics and offering dashboards to browse them, there could exist Stats Submitter and Stats Reader
roles, each assigned to different client applications so that one application can only save statistics
but can not view them, possibly because that would allow it to view statistics related to other
applications as well.

Roles form hierarchies, all branching from the top-level Root role that can’t be deleted nor renamed.

Roles inherit permissions granted to their predecessors.

Root role is not allowed to access anything, only user defined roles can be granted any rights.